Multiple vulnerabilities in PostgreSQL

Açıklama

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. Heap buffer overflow vulnerability in refint can be exploited to cause denial of service.
2. Integer underflow vulnerability can be exploited to cause denial of service.
3. Denial of service vulnerability can be exploited remotely to cause denial of service.
4. Security vulnerability area can be exploited to bypass security restrictions.
5. A remote code execution vulnerability can be exploited remotely to execute arbitrary code.
6. Heap buffer overflow vulnerability in libpq can be exploited to cause denial of service.

Orijinal öneriler

• PostgreSQL refint allows stack buffer overflow and SQL injection

• PostgreSQL server undersizes allocations, via integer wraparound
• PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
• PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
• PostgreSQL timeofday() can disclose portions of server memory
• PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
• PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
• PostgreSQL discloses MD5-hashed passwords via covert timing channel

İlgili ürünler

• PostgreSQL

CVE Listesi

• CVE-2026-6472
  high
• CVE-2026-6473
  critical
• CVE-2026-6474
  warning
• CVE-2026-6475
  critical
• CVE-2026-6477
  critical
• CVE-2026-6478
  high
• CVE-2026-6479
  critical
• CVE-2026-6637
  critical

Daha fazlasını okuyun

Bölgenizde yayılan güvenlik açıklarının istatistiklerini öğrenin statistics.securelist.com